Symantec Blogs: Security Response

Robert Keith | November 10th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a moderate month—the vendor is releasing six bulletins covering a total of 15 vulnerabilities.

Three of the issues are rated “Critical” and affect Web Services on Devices API, License Logging Server, and the Windows kernel. An attacker could exploit these issues remotely to gain complete control of a vulnerable computer.

The remaining issues, rated “Important”, affect Excel, the Windows kernel, Office, and Active Directory. Although these are only rated “Important” by Microsoft, we consider the Office and Excel issues quite serious and advise customers to apply updates as soon as possible.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or...

Robert Keith | October 13th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a very heavy month—the vendor is releasing 13 bulletins covering a total of 34 vulnerabilities.

Twenty-one of the issues are rated “Critical” and affect GDI+, Active Template Library (ATL), Media Player, .NET, Silverlight, Internet Explorer, Server Message Block (SMB), and Media Runtime. Most of those are client-side vulnerabilities that require a victim to open a malicious file or visit a malicious page. The SMB issue is a fairly serious server-side vulnerability that was reported early last month.

The remaining issues, rated “Important” and “Moderate,” affect GDI+, Windows Indexing Service, Windows kernel, CryptoAPI, Internet Information Services (IIS), LSASS, and SMB.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while...

Robert Keith | September 8th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month—the vendor is releasing five bulletins covering a total of eight vulnerabilities.

Six of the issues are rated “Critical” and affect DHTML Editing ActiveX control, Windows TCP/IP, Windows Wireless, Windows Media, and JScript. The DHTML, Media, and JScript issues are all familiar client-side vulnerabilities that can allow arbitrary code to run in the context of the currently logged-in user. The TCP/IP issue is a remote code-execution vulnerability that attackers can leverage to gain complete control of a vulnerable computer.

The remaining issues, rated “Important,” are denial-of-service vulnerabilities affecting Windows TCP/IP.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining...

Robert Keith | August 11th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly heavy month—the vendor is releasing nine bulletins covering a total of 19 vulnerabilities.

Fifteen of the issues are rated “Critical” and affect Active Template Library (ATL), Office Web Components, Remote Desktop Connection, WINS, and Windows AVI file handling. The ATL issues are a continuation of the vulnerabilities addressed in the out-of-band bulletins Microsoft released last month. The two WINS issues, primarily affecting Enterprise...

Robert Keith | July 14th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month—the vendor is releasing six bulletins covering a total of nine vulnerabilities.

Six of the issues are rated “Critical” and affect Windows, DirectX, and Windows OpenType Font engine. One of the DirectX issues and one of the ActiveX issues were previously disclosed back in May of this year and earlier this month. Both issues have also seen active exploit attempts in the wild. The remaining issues, rated “Important,” affect Publisher, Virtual PC, Virtual Server, and ISA Server.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block...

Robert Keith | June 9th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a very heavy month—the vendor is releasing 10 bulletins covering a total of 31 vulnerabilities, which is the largest number of vulnerabilities covered in a single "Patch Tuesday" since Microsoft started the monthly patch program.

A video of Symantec Security Response’s John Harrison discussing the vulnerabilities addressed this month can be viewed here: http://www.youtube.com/watch?v=-X51L07fk48

Seventeen of the issues are rated “Critical” and affect Office, Print Spooler, Excel, Word, Internet Explorer, and Active Directory. The more severe of the two Active Directory issues can be remotely exploited to gain complete access to a vulnerable computer. In most cases, the remaining “Critical” issues require some sort of user interaction to trigger (e.g. visiting a...

Robert Keith | May 12th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a light, yet moderate month—the vendor is releasing one bulletin covering a total of 14 vulnerabilities. This is the first time we've seen a single bulletin cover so many vulnerabilities since Microsoft started the monthly patch program.

All the issues are remote code-execution vulnerabilities in PowerPoint, and Microsoft has rated 11 of them “Critical.” For any of these issues to be triggered, a victim must open a specially crafted file with a vulnerable version of PowerPoint.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.

Microsoft’s summary of the May releases can be found here:

...

Robert Keith | April 14th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly heavy month—the vendor is releasing eight bulletins covering a total of 21 vulnerabilities. Two of these issues are covered in more than one bulletin: CVE-2008-2540 in MS09-015 and MS09-014, and CVE-2009-0550 in MS09-013 and MS09-014.

Ten of the issues, rated “Critical,” are remote code-execution vulnerabilities affecting WordPad, Word, DirectX, Windows HTTP services, Internet Explorer, and Excel. The remaining issues, rated “Important” and “Moderate,” affect Windows, Internet Explorer, ISA Server, WordPad, and Windows HTTP services. Nearly all of the bulletins this month address issues that were previously disclosed or are variants of those issues.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Block external access at the...

Robert Keith | March 10th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month. The vendor is releasing three bulletins covering a total of eight vulnerabilities. Ben Greenbaum (Sr. Research Manager, Symantec Security Response) discusses these vulnerabilities in a video that can be viewed here.

Of the eight vulnerabilities, only one is rated “Critical”—a remote code-execution vulnerability affecting the Windows kernel. This is a fairly serious issue, because a successful exploit will result in a complete compromise of the affected computer. The remaining issues, all rated “Important”, affect the Windows kernel, SChannel, and Windows WINS and DNS servers.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Block external access...

Robert Keith | February 10th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month—the vendor is releasing four bulletins covering a total of eight vulnerabilities.

Of those, three are “Critical” issues affecting Exchange Server and Internet Explorer. We haven’t seen email-based attacks in a while, but the first Exchange Server issue is exactly that. To exploit the issue, an attacker only needs to send an email with a specially crafted attachment and entice an unsuspecting victim into opening the email. The other Exchange issue, rated “Important,” can be remotely exploited to cause an affected server to crash. This could have a significant impact on enterprise users.

We've noticed what appears to be a trend regarding Internet Explorer. The vendor has released a cumulative security bulletin for that product every other month for the past 18 months.

The remaining issues, all rated “Important,...

Robert Keith | January 13th, 2009

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a light month—the vendor is releasing only one bulletin covering a total of three vulnerabilities affecting Server Message Block (SMB).

Of those issues, two are “Critical” server-side, remotely exploitable code-execution vulnerabilities. These are rather serious issues that may allow remote attackers to completely compromise a vulnerable computer. Given the nature of these issues, developing viable exploits to execute code may prove difficult, but denial-of-service attacks will likely be trivial. The remaining issue, rated “Moderate”, is a remote denial-of-service vulnerability.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Block external access at the network perimeter to specific sites and computers only.
- Run all software with the least privileges...

Robert Keith | December 9th, 2008

Hello and welcome to this month's blog on the Microsoft patch releases. As far as vulnerability counts go, this is the largest patch release since Microsoft started the "Patch Tuesday" program back in late 2003. The release contains eight bulletins covering 28 vulnerabilities.

Of those issues, 23 are rated "Critical" and affect Word, Outlook, Internet Explorer, Visual Basic ActiveX controls, GDI, Windows Search, and Excel. All of the "Critical" issues this month require some sort of user interaction, whether visiting a Web page that contains malicious content or viewing a malicious file. The remaining issues affect GDI, Windows Search, SharePoint, and Windows Explorer; they range in importance from "Important" to "Moderate."

As always, customers are advised to follow security best practices, including:

- Install vendor patches as soon as they are available.
- Block external access at the network perimeter to...

Robert Keith | November 11th, 2008

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a light month, with two bulletins covering four vulnerabilities.

The only “Critical” issue this month is a previously public remote code-execution vulnerability (BID 21872) in Microsoft XML Core Services. The remaining three issues are rated “Important” and include two information-disclosure issues affecting XML Core Services and a remote code-execution issue in Server Message Block (SMB).

As always, customers are advised to follow these security best practices:

- Block external access at the network perimeter to specific sites and computers only.
- Avoid sites of questionable or unknown integrity.
- Never open files from unknown or questionable sources.
- Run all software with the least privileges required while still maintaining functionality.

Microsoft’s summary of the November releases can be found here:
...

Robert Keith | October 14th, 2008

Hello and welcome to this month’s blog on the Microsoft patch releases. This is another fairly heavy month, with 11 bulletins covering 20 vulnerabilities.

There are 10 critical issues this month affecting Internet Explorer, Excel, Active Directory, and the RPC service of Host Integration Server. All of them are remote code-execution issues, but the issues affecting Host Integration Server and Active Directory do not require any user interaction, making them potentially the worst of the bunch. The remaining issues (rated Important and Moderate) affect Message Queuing Service, Internet Printing Protocol (IPP), Windows Kernel, Ancillary Function Driver, Virtual Address Descriptors (VADs), and Server Message Block (SMB).

As always, customers are advised to follow these security best practices:

- Block external access at the network perimeter to specific sites and computers only.
- Avoid sites of questionable or unknown integrity.
- Never open files...

Robert Keith | September 9th, 2008

Hello and welcome to this month's blog on the Microsoft patch releases. This is a relatively light month, with four bulletins covering eight vulnerabilities.

All of the vulnerabilities this month are client-side issues rated "critical." Five of the issues affect the GDI+ graphics library; the rest affect Media Player, Microsoft Office, and Media Encoder. All of the issues have the potential to see active exploits, but the GDI+ vulnerabilities have the most avenues of attack and affect the most systems. The OneNote protocol handler vulnerability is fairly trivial to exploit.

As always, customers are advised to follow these security best practices:

- Avoid sites of questionable or unknown integrity.
- Never open files from unknown or questionable sources.
- Run all client software with the least privileges required while still maintaining functionality.

Microsoft's summary of the...